X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/293fe68eff1923a00992e0a195ba025ab7bd9efa..865d20af80a70929c761e3ea6d1010669bb4ed62:/app/controllers/friendships_controller.rb?ds=sidebyside

diff --git a/app/controllers/friendships_controller.rb b/app/controllers/friendships_controller.rb
index a983bec75..75e53368d 100644
--- a/app/controllers/friendships_controller.rb
+++ b/app/controllers/friendships_controller.rb
@@ -27,7 +27,7 @@ class FriendshipsController < ApplicationController
         end
 
         if params[:referer]
-          redirect_to params[:referer]
+          redirect_to safe_referer(params[:referer])
         else
           redirect_to user_path
         end
@@ -50,7 +50,7 @@ class FriendshipsController < ApplicationController
         end
 
         if params[:referer]
-          redirect_to params[:referer]
+          redirect_to safe_referer(params[:referer])
         else
           redirect_to user_path
         end